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REAL PARTY IN INTEREST 

International Business Machines Corporation, the assignee of record as evidenced by the 
Assignment recorded at Frame 0551 of Reel 010714, is the real party in interest in the subject 
Appeal. 

RELATED APPEALS AND INTERFERENCES 

No appeals or interferences known to Appellant, Appellant's legal representative, or assignee 
will directly affect or be directly affected by or have a bearing on the Board's decision in the present 
Appeal. 

STATUS OF THE CLAIMS 

Claims 13-17 have been canceled. Claims 1-12 and 18-28 stand finally rejected by the 
Examiner as noted in the Final Office Action dated November 20, 2002. The rejections of Claims 
1-12 and 18-28 are appealed. 

STATUS OF AMENDMENTS 

No amendment was proposed or entered subsequent to the Final Rejection dated 
November 20, 2002, and labeled Paper No. 7. 

SUMMARY OF THE INVENTION 

As set forth at page 7, line 3 et seq, of the present specification, the present invention is 
directed to a method and system for detecting on-line material that is suspected of infringing a 
copyright of a user's original work. In order to avoid copying the suspected infiinging material, and 
thus possibly violating the suspected infringing material's copyright, a first distillation signature, 
which is incapable of being used to reconstruct the suspected infiinging material's possible copyright, 
is generated. A second distillation signature of the user's original work is then generated, and the 
first and second distillation signatures are compared. If the first distillation and second distillation 
match, then there is a likelihood, although not a certainty, that the suspected infiinging material and 
the user's original work are the same. The works are not certain to be the same, since the signatures 

Page 2 

DOCKET NO. AUS990891US1 
SERIAL NO. 09/535,581 

Austin/ 112264.1 



generated are not direct encryptions, and are thus incapable of being used to reconstruct the 
materials. 

To illustrate, consider a paragraph of text from a webpage that is suspected of containing 
material that is so similar to other text being used that there may be a copyright infringement. The 
suspected copyright infringing material may be located using key data for identifying passages of 
text, such as used by a search engine to locate key terms on websites on the Internet. The suspected 
copyright infringing material is downloaded in a stream (orderly data stream), which is then used to 
generate "a first electronic signature." In a preferred embodiment, this "first electronic signature" 
is generated through the use of a linear feedback shift register, as depicted in Figure 5 and described 
in the present specification. The stream of data is converted into a binary data stream (converted 
from a stream of bytes to a stream of bits), and run through the depicted shift register. The shift 
register uses a combination of latches and logic gates (depicted as OR gates) to create a unique 1 6-bit 
"first electronic signature" for the block of data. That is, after running the entire binary stream 
through the linear feedback shift register, the register will contain a non-exclusive 16-bit value that 
can (likely) only be generated by the binary stream resulting from a unique block of data, such as a 
paragraph of text. Note that the non-exclusive nature of the electronic signature is that different 
blocks of data may generate the same electronic signature, due to the inherent nature of distilling the 
data to a smaller data form than the original data. This electronic signature is then compared with 
a second electronic signature for a block of data (original copyright material) owned/used by the user 
of the present invention. If the two signatures match, then the two texts are possibly identical, 
indicating a copyright infiingement. In a preferred embodiment, the two blocks of data (the 
suspected copyright infiinging material that was downloaded and the user's own original copyright 
material) are then visually compared. 

Altematively, the paragraph or other defined block of text can be parsed into smaller pieces 
(data segments), and each smaller data segment is evaluated as above. This allows the user to 
identify similar or identical passages of text. If similar or identical passages are identified, in a 
preferred embodiment the two passages are then displayed on-screen for a visual examination by the 
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user. Thus, the user is able to ensure that a copyright infringement is not committed, either 
inadvertently (by the user) or intentionally (by another party), on all or part of a passage. 



ISSUES 

I. Are the Examiner's rejections of Claims 1-4, 7-10, 18-21 and 26 under 35 USC §103(a) as 
unpatentable ow^r Atkinson et al, U.S. Patent No. 5,739,996, in view oiTsuria et al, U.S. Patent 
No. 6,466,670, and are the Examiner's rejections of Claims 27 and 28 under 35 USC § 103(a) as 
unpatentable ov^r Atkinson et al, U.S. Patent No. 5,739,996, in view oiTsuria et al, U.S. Patent 
No. 6,466,670 and further in view of Ammar, U.S. Patent No. 6,424,728, well-founded? 

n. Are the Examiner's rejections of Claims 5-6, 11-12 and 22-23 under 35 USC §103(a) as 
unpatentable over Atkinson et al, U.S. Patent No. 5,739,996, in view of Tsuria et ai, U.S. Patent 
No. 6,466,670 well founded? 

m. Are the Examinees rejections of Claim 24 under 35 USC §103(a) as unpatentable over 
Atkinson et al, U.S. Patent No. 5,739,996, in view oiTsuria et al, U.S. Patent No. 6,466,670 
well founded? 

IV. Are the Examiner's rejections of Claim 25 under 35 USC § 103(a) as unpatentable over 
Atkinson et al, U.S. Patent No. 5,739,996, in view oiTsuria et aL, U.S. Patent No. 6,466,670 
well founded? 

GROUPING OF THE CLAIMS 

For purposes of this Appeal, Claims 1-4, 7-10, 18-21 and 26-28 stand or fall together as 
Group I, Claims 5-6, 1 1-12 and 22-23 stand or fall together as Group H, and Claim 24 stands or falls 
alone as Group in, and Claim 25 stands or falls alone as Group IV. 
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ARGUMENT 

I. The Examiner's rejections of the claims in Group I should be reversed because the 
combination of references does not teach comparing electronic distillations of different data, wherein 
the electronic distillations are each incapable of reconstructing data by direct decipherment. 

The Examinerhas rejected Claims 1-4, 7-10, 18-21 and26under35U.S.C. § 103(a) as being 
unpatentable over Atkinson et al (U.S. Patent No. 5,892,904 - Atkinson*") in view of Tsuria et al. 
(U.S. Patent No. 6,466,670). The Examiner has also rejected Claims 27 and 28 under 35 USC 
§ 1 03(a) as unpatentable over Atkinson et al , U.S. Patent No. 5,739,996, in view of Tsuria et al , U.S. 
Patent No. 6,466,670 and further in view of Ammar, U.S. Patent No. 6,424,728. These rejections 
are not well founded and should be reversed. 

Atkinson teaches a method of data encryption, and specifically teaches a method of creating 
an electronic signature using a public/private key pair. The electronic signature ensures the 
authenticity of the document being sent, analogously to a written signature. Various methodologies 
are known in the art for creating a digital signature. Li the passages cited by the Examiner in 
Atkinson, this digital signature is created using a private key known only to the sender and a public 
key available to anyone. The public key is typically part of a digital certificate issued by a 
certification authority (CA) or agency. Thus, the sender "signs" a document using his private key, 
which encrypts the signature. To decrypt the signature, the receiver of the document uses the 
sender's public key. Atkinson teaches a second layer of security by requiring the receiver to use a 
second public key (provided by the CA) to decrypt the sender's public key. {Atkinson col. 3, lines 
13-40; col 6, line 34 to col. 8, line 29.) 

Tsuria teaches a method of authorizing/preventing video downloading. lAkQ Atkinson, Tsuria 
uses digital signatures associated with the video content to authorize the video's downloading {Tsuria 
col. 5, lines 45-46). A digital signature is "created and verified by cryptography... transforming 
messages into seemingly unintelligible forms and back again." {Digital Signature Guidelines 
Tutorial, http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html: copy attached in Appendix B). 
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Applicants submit that exemplary Claim 1 (and similarly Claims 7, 18 and 26 and the other 
claims in Group I) is not rendered unpatentable by Atkinson taken in combination with Tsuria taken 
because the cited prior art references do not teach or suggest each feature of Claim 1 as amended 
herein. For example, the combination of references does not teach or suggest: 

"receiving a selectable data stream of suspected copyright infringing material" 
"generating a first electronic signature" of the suspected copyright infringing material 
and a "second electronic signature for an original copyright material", wherein each 
electronic signature is a "distillation" " that is incapable of reconstructing said original 
copyright material by direct decipherment ," and 

comparing the two electronic signatures, wherein a match of the signatures "indicates 
a likelihood" that the two materials are the same. 

The electronic signature is a distillation generated according to the data segment (or original 
copyright material) itself, and is not a "digital signature" as described by Atkinson or Tsuria. The 
distillation cannot be used to reconstruct the data segment (original copyright material). That is, the 
electronic signature of the present invention is a unique abbreviated value generated by logic to 
generate a unique value that identifies the data segment. The data segment provides the data required 
to generate the specific value (electronic signature), but the specific value, being a distillation, is 
incapable of reconstructing the data segment. Thus, the present invention is not an 
encryption/decryption method and system as described by Atkinson or Tsuria, and the cited prior art 
does not teach or suggest the claimed features as presently claimed. 

Likewise, Atkinson and Tsuria do not teach the feature of comparing electronic signatures 
for different data ("original copyright material" and "suspected copyright infiinging material"), 
wherein a match of the signatures indicates that the materials are the same. Atkinson's "digital 
signal" is a single unit of data that is decrypted by a receiver to authenticate the identity of the sender, 
and Tsuria's content is a single video content. 
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• 



Because the prior art relied upon by the Examiner teaches only encryption from which 
material is reconstructable, thus creating the potential for copyright violation that the present 
invention teaches how to avoid, the rejections of exemplary Claim 1 and the other claims of Group 
I should be reversed. 

n. The Examiner's rejections of the claims in Group n should be reversed because the 
combination of references does not teach visually comparing electronic distillations of different data, 
wherein the electronic distillations are each incapable of reconstructing data by direct decipherment. 

The Examiner has rejected Claims 5-6, 11-12 and 22-23 under 35 U.S.C. § 103(a) as being 
unpatentable ovqt Atkinson et al (U.S. Patent No. 5,892,904 - ''Atkinson'") in view of Tsuria et al 
(U.S. Patent No. 6,466,670). These rejections are not well founded and should be reversed. 

The Examiner's rejection of exemplary Claim 2 of Group n should be reversed for reasons 
presented above under issue L The rejection of exemplary Claim 2 (and similarly the other claims 
in Group II) should also be reversed because the Examiner's combination of Atkinson and Tsuria do 
not teach "visually examining" the "suspected copyright infringing material" if the first and second 
signatures match. 

As claimed by the claims in Group n, when a suspected copyright infringing material is 
identified, it is displayed on-screen to the user, who then compares the suspected copyright infringing 
material with the user's own original copyright material. Atkinson does not teach or suggest such a 
visual comparison of data segments. Rather, Atkinson teaches the use of a "cryptographic digest or 
hash," which is well known to those skilled in the art as being a number generated by an encryption 
algorithm from a string of text. The "digest" is manipulated by the computer's cryptographic routine, 
and is never "visually examined." 
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Because the prior art relied upon by the Examiner does not teach visually examining 
decrypted material, the rejections of exemplary Claim 5 and the other claims of Group n should be 
reversed. 

m. The Examiner's rejection of Claim 24 in Group HI should be reversed because the 
combination of references teaches away from the use of a feedback shift register to generate a non- 
reconstructable electronic signature. 

The Examiner has rejected Claim 24 under 35 U.S.C. § 103(a) as being unpatentable over 
Atkinson et al (U.S. Patent No. 5,892,904 - Atkinson'") in view of Tsuria et al (U.S. Patent No. 
6,466,670). This rejection is not well founded and should be reversed. 

The Examiner's rejection of Claim 24 of Group III should be reversed for reasons presented 
above under issue L The rejection of exemplary Claim 24 should also be reversed because the 
Examiner's combination of Atkinson and Tsuria does not teach the use of a feedback shift register 
to generate a digital signature, specifically a distillation that is incapable of reconstructing material 
by direct decipherment. 

Claim 24 claims the use of a feedback shift register to generate a distillation ("first electronic 
signature") of suspected copyright infiinging material. Atkinson and Tsuria teach the generation of 
decipherable encryption. A feedback shift register cannot generate a decipherable encryption, since 
a feedback shift register overwrites data by feeding new data into the shift register. This process of 
overwriting makes decipherment impossible due to the information lost, and thus the prior art 
teaches away from the present invention as claimed in Claim 24. 

Because the prior art relied upon by the Examiner teaches away fi'om the use of a feedback 
shift register to generate a distillation of material, the rejection of Claim 24 in Group HI should be 
reversed. 
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rv. The Examiner's rejection of Claim 25 in Group IV should be reversed because the 
combination of references does not teach the use of a shift register to generate a non-reconstructable 
electronic signature for each data segment in material. 

The Examiner has rejected Claim 25 under 35 U.S.C. § 103(a) as being unpatentable over 
Atkinson et al (U.S. Patent No. 5,892,904 - "Atkinson") in view of Tsuria et al (U.S. Patent No. 
6,466,670). This rejection is not well founded and should be reversed. 

The Examiner's rejection of Claim 25 of Group IV should be reversed for reasons presented 
above under issue I. The rejection of exemplary Claim 25 should also be reversed because the 
Examiner's combination of Atkinson and Tsuria do not teach the use of a shift register to generate 
a digital signature, specifically a distillation that is incapable of reconstructing material by direct 
decipherment. 

Claim 25 claims the use of a feedback shift register to generate a distillation ("first electronic 
signature") of suspected copyright infringing material. Atkinson and Tsuria teach the generation of 
decipherable encryption. The prior art cited utilizes well known encryption techniques, which utilize 
algorithms known in the art to scramble and unscramble data. Claim 25 does not utilize an algorithm 
to generate an encryption, but rather uses a shift register to generate a number that is generated by 
the data, but in a non-exclusive manner. That is, the shift register generates a number that may be 
the same for many distinct and different sets of data. Such a process is not taught by any of the prior 
art cited by the Examiner. 

Because the prior art relied upon by the Examiner does not teach the use of a shift register 
to generate a distillation of material, the rejection of Claim 25 in Group IV should be reversed. 
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CONCLUSION 



In view of the foregoing arguments, which demonstrate that the combination of cited 
references does not teach all of the limitations of the present invention. Appellants respectfully 
request the Board to reverse the rejection of each pending claim. 

Please charge IBM CORPORATION Deposit Account No. 09-0447 in the amount of 
$320.00 for submission of a Brief in Support of Appeal. No additional fee is believed to be required; 
however, in the event an additional fee is required please charge that fee to IBM CORPORATION 
Deposit Account No. 09-0447. 



Respectfully submitted, 




James E. Boice 
Registration No. 44,545 
Bracewell & Patterson, l.l.p. 
Ill Congress Avenue, Suite 2300 
Austin, Texas 78701-4061 
(512) 343-6116 



ATTORNEY FOR APPELLANTS 
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APPENDIX A 



1 1 . A method for detecting copyright violation, said method comprising: 

2 receiving a selectable data stream of suspected copyright infringing material; 

3 generating a first electronic signature for said data stream of said suspected copyright 

4 infringing material, said first electronic signature being a distillation, of said data stream, that is 

5 incapable of reconstructing said data stream by direct decipherment; 

6 generating a second electronic signature for an original copyright material, said second 

7 electronic signature being a distillation, of said original copyright material, that is incapable of 

8 reconstructing said original copyright material by direct decipherment; and 

9 comparing said first electronic signature with said second electronic signature, wherein a 

10 match of said first electronic signature with said second electronic signature indicates a 

1 1 likelihood that said suspected copyright infiinging material and said original copyright material 

12 are the same. 

1 2. The method of Claim 1 , fiirther comprising: 

2 receiving said data stream of suspected copyright infiinging material from the Litemet. 

1 3. The method of Claim 1 , fiirther comprising: 

2 parsing said data stream of suspected copyright infiinging material into suspected 

3 copyright infiinging material data segments; and 

4 generating a suspected copyright infiinging material data segment electronic signature for 

5 each said suspected copyright infiinging material data segment, each said suspected copyright 

6 infiinging material data segment electronic signature being a distillation of a corresponding said 

7 suspected copyright infiinging material data segment. 

1 4. The method of Claim 3, fiirther comprising: 

2 parsing said original copyright material into original copyright material data segments; 

3 and 



Austin/112264.1 



Page 1 1 

DOCKET NO. AUS990891US1 
SERIAL NO. 09/535,581 



4 generating an original copyright material data segment electronic signature for each said 

5 original copyright material data segment, each said original copyright material data segment 

6 electronic signature being a distillation of a corresponding said original copyright material data 

7 segment. 

1 5. The method of Claim 1 , further comprising: 

2 determining that said first electronic signature and said second electronic signature are a 

3 match; and 

4 visually examining said suspected copyright infringing material having said first 

5 electronic signature matching said second electronic signature of said original copyright data 

6 material. 

1 6. The method of Claim 4, further comprising: 

2 determining that at least one of said suspected copyright infiinging material data segment 

3 electronic signatures matches at least one of said original copyright material data segment 

4 electronic signatures; and 

5 visually examining said suspected copyright infiinging material data segment having said 

6 suspected copyright infiinging material data segment electronic signature matching said original 

7 copyright material data segment electronic signature. 

1 7. A system for detecting copyright violation, said system comprising: 

2 receiving means for receiving a selectable data stream of suspected copyright infringing 

3 material; 

4 signature generation means for generating a first electronic of said suspected material and 

5 a second electronic signature of an original copyright material, each said electronic signature 

6 being a distillation of material incapable of reconstructing said suspected material or said original 

7 copyright material by direct decipherment; and 

8 comparator means for comparing said first electronic signature with said second 

9 electronic signature, wherein a match of said first electronic signature with said second electronic 
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10 signature indicates a likelihood that said suspected copyright infringing material and said original 

1 1 copyright material are the same. 

1 8. The system of Claim 7, further comprising: 

2 means for receiving said data stream of suspected copyright infringing material from the 

3 Intemet. 

1 9. The system of Claim 7, fiirther comprising: 

2 parsing means for parsing said data stream of suspected copyright infringing material into 

3 suspected copyright infringing material data segments; and 

4 means for generating a suspected copyright infringing material data segment electronic 

5 signature for each said suspected copyright infringing material data segment, each said suspected 

6 copyright infringing material data segment electronic signature being a distillation of a 

7 corresponding said suspected copyright infringing material data segment. 

1 10. The system of Claim 9, further comprising: 

2 parsing means for parsing said original copyright material into original copyright material 

3 data segments; and 

4 means for generating an original copyright material data segment electronic signature for 

5 each said original copyright material data segment, each said original copyright material data 

6 segment electronic signature being a distillation of a corresponding said original copyright 

7 material data segment. 

1 11. The system of Claim 7, further comprising: 

2 means for determining that said first electronic signature and said second electronic 

3 signature are a match; and 

4 means for visually displaying said suspected copyright infringing material having said 

5 first electronic signature matching said second electronic signature of said original copyright 

6 material. 
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12. The system of Claim 10, further comprising: 

means for determining that at least one of said suspected copyright infringing material 
data segment electronic signatures matches at least one of said original copyright material data 
segment electronic signatures; and 

means for visually examining said suspected copyright infringing material data segment 
having said suspected copyright infringing material data segment electronic signature matching 
said original copyright material data segment electronic signature. 

13. (Cancelled) 

14. (Cancelled) 

15. (Cancelled) 

16. (Cancelled) 

17. (Cancelled) 

18. A computer program product within a computer readable medium having instructions for 
detecting copyright violation, said computer program product comprising: 

instructions within said computer readable medium for receiving a selectable data stream 
of suspected copyright infringing material; 

instructions within said computer readable medium for generating a first electronic 
signature for said data stream of said suspected copyright infringing material, said first electronic 
signature being a distillation, of said data stream, that is incapable of reconstructing said data 
stream by direct decipherment; 

instructions within said computer readable medium for generating a second electronic 
signature for an original copyright material, said second electronic signature being a distillation. 
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of said original copyright material, that is incapable of reconstructing said original copyright 
material by direct decipherment; and 

instructions within said computer readable medium for comparing said first electronic 
signature with said second electronic signature, wherein a match of said first electronic signature 
with said second electronic signature indicates a likelihood that said suspected copyright 
infringing material and said original copyright material are the same. 

19. The computer program product of Claim 18, further comprising: 

instructions within said computer readable mediimi for receiving said data stream of 
suspected copyright infiinging material fi'om the Internet. 

20. The computer program product of Claim 18, further comprising: 

instructions within said computer readable medium for parsing said data stream of 
suspected copyright infringing material into suspected copyright infringing material data 
segments; and 

instructions within said computer readable medium for generating a suspected copyright 
infringing material data segment electronic signature for each said suspected copyright infringing 
material data segment, each said suspected copyright infringing material data segment electronic 
signature being a distillation of a corresponding said suspected copyright infringing material data 
segment. 

21 . The computer program product of Claim 20, further comprising: 

instructions within said computer readable medium for parsing said original copyright 
material into original copyright material data segments; and 

instructions within said computer readable medium for generating an original copyright 
material data segment electronic signature for each said original copyright material data segment, 
each said original copyright material data segment electronic signature being a distillation of a 
corresponding said original copyright material data segment. 
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1 22. The computer program product of Claim 1 8, further comprising: 

2 instructions within said computer readable medium for determining that said first 

3 electronic signature and said second electronic signature are a match, thus enabling a visual 

4 examination of said suspected copyright infringing material. 

1 23 . The computer program product of Claim 2 1 , further comprising: 

2 instructions within said computer readable medium for determining that at least one of 

3 said suspected copyright infringing material data segment electronic signature matches at least 

4 one of said original copyright material data segment electronic signature. 

1 24. The method of Claim 1, further comprising: 

2 generating said first electronic signature of said suspected copyright infringing material 

3 using a feedback shift register. 

1 25. The system of claim 7, further comprising: 

2 a shift register for generating said electronic signature for each said data segment of said 

3 suspected material. 

1 26. A system for detecting a copyright violation, said system comprising: 

2 means for storing a first electronic signature for an original copyright material, said first 

3 electronic signature being a distillation of said original copyright material; 

4 means for identifying a suspected copyright infringing material that is suspected of being 

5 the same as said original copyright material; 

6 means for generating a second electronic signature for said suspected copyright infringing 

7 material, said second electronic signature being a distillation, of said data stream, that is 

8 incapable of reconstructing said data stream by direct decipherment; and 

9 means for comparing said first electronic signature with said second electronic signature, 

10 wherein a match of said first electronic signature and said second electronic signature indicates a 
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likelihood that said original copyright material and said suspected copyright infringing material 
are the same, thus indicating a copyright violation. 

27. The method of claim 5, wherein said visual examination is perfomied upon said matches 
of said signatures exceeding a predetermined number of occurrences. 

28. The system of claim 12, wherein said visual examination is performed upon said matches 
of said signatiires exceeding a predetermined nimiber of occurrences. 
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APPENDIX B 



DIGITAL SIGNATURE GUIDELINES TUTORIAL 
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Dfgital Si'gnature Guidelines - Tutorial 




Page 3 of 6 



• Affirmative act: The affixing of the signature shouTobe an affirnnative act which 
serves the ceremonial and approval functions of a signature and establishes the 
sense of having legally consunnmated a transaction. 

• Efficiency: Optimally, a signature and its creation and verification processes 
should provide the greatest possible assurance of both signer authenticity and 
document authenticy, with the least possible expenditure of resources. 

Digital signature technology generally surpasses paper technology in all these 
attributes. <18> To understand why, one must first understand how digital signature 
technology works. 

How Digital Signature Teclinology Works 

Digital signatures are created and verified by cryptography, the branch of applied^ 
mathematics that concerns itself with transforming messages into seemingt;^ 
unintelligible forms and back again! Digital signatures use what is known as "public key 
cryptography," which employs an algorithm using two different but mathematically 
related "keys;" one for creating a digital signature or transforming data into a seemingly 
unintelligible form, and another key for verifying a digital signature or returning the 
message to its original form. <19> Computer equipment and software utilizing two such 
keys are often collectively termed an "asymmetric cryptosystem." 

The complementary keys of an asymmetric cryptosystem for digital signatures are 
arbitrarily termed the private key. which is known only to the signer <2Q> and used to 
create the digital signature, and the public key, which is ordinarily more widely known 
and is used by a relying party to verify the digital signature. If many people need to 
verify the signer's digital signatures, the public key must be available or distributed to all 
of them, perhaps by publication in an on-line repository or directory where it is easily 
accessible. Although the keys <21> of the pair are mathematically related, if the 
asymmetric cryptosystem has been designed and implemented securely <22> it is 
"computationally infeasible <23> to derive the private key from knowledge of the public 
key. Thus, although many people may know the public key of a given signer and use it 
to verify that signer's signatures, they cannot discover that signer's private key and use 
it to forge digital signatures. This is sometimes referred to as the principle of 
"irreversibility." 

Another fundamental process, termed a "hash function," is used in both creating and 
verifying a digital signature. A hash function is an algorithm which creates a digital 
representation or "fingerprint" in the form of a "hash value" or "hash result" of a 
standard length which is usually much smaller than the message but nevertheless 
substantially unique to it. <24> Any change to the message invariably produces a 
different hash result when the same hash function is used. In the case of a secure hash 
function, sometimes termed a "one-way hash function," it is computationally infeasible 
<25> to derive the original message from knowledge of its hash value. Hash functions 
therefore enable the software for creating digital signatures to operate on smaller and 
predictable amounts of data, while still providing robust evidentiary correlation to the 
original message content, thereby efficiently providing assurance that there has been 
no modification of the message since it was digitally signed. 

Thus, use of digital signatures usually involves two processes, one performed by the 
signer and the other by the receiver of the digital signature: 

• Digital signature creation uses a hash result derived from and unique to both 
the signed message and a given private key. For the hash result to be secure, 
there must be only a negligible possibility that the same digital signature could 
be created by the combination of any other message or private key. 

• Digital signature verification is the process of checking the digital signature by 
reference to the original message and a given public key, thereby determining 
whether the digital signa ture was created for that same message using the 
private key that corresponds to the referenced public key. 

To sign a document or any other item of information, the signer first delimits precisely 
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the borders of what is to be signed. The delimited information to be signed is termed 
the "message" in these Guidelines. Then a hash function in the signer's software 
computes a hash result unique (for all practical purposes) to the message. The signer's 
software then transforms the hash result into a digital signature using the signer's 
private key. <26> The resulting digital signature is thus unique to both the message and 
the private key used to create it. 

Typically, a digital signature (a digitally signed hash result of the message) is attached 
to its message and stored or transmitted with its message. However, it may also be 
sent or stored as a separate data element, so long as it maintains a reliable association 
with its message. Since a digital signature is unique to its message, it is useless if 
wholly disassociated from its message. 

Verification of a digital signature is accomplished by computing a new hash result of the 
original message by means of the same hash function used to create the digital 
signature. Then, using the public key and the new hash result, the verifier checks: (1) 
whether the digital signature was created using the corresponding private key; and (2) 
whether the newly computed hash result matches the original hash result which was 
transformed into the digital signature during the signing process. The verification 
software will confirm the digital signature as "verified" if: (1) the signer's private key was 
used to digitally sign the message, which is known to be the case if the signer's public 
key was used to verify the signature because the signer's public key will verify only a 
digital signature created with the signer's private key; <27> and (2) the message was 
unaltered, which is known to be the case if the hash result computed by the verifier is 
identical to the hash result extracted from the digital signature during the verification 
process. 

Various asymmetric cryptosystems create and verify digital signatures using different 
algorithms and procedures, but share this overall operational pattern. 

The processes of creating a digital signature and verifying it accomplish the essential 
effects desired of a signature for many legal purposes: 

• Signer authentication: If a public and private key pair is associated with an 
identified signer, the digital signature attributes the message to the signer. The 
digital signature cannot be forged, unless the signer loses control of the private 
key (a "compromise" of the private key), such as by divulging it or losing the 
media or device in which it is contained. 

• Message authentication: The digital signature also identifies the signed 
message, typically with far greater certainty and precision than paper signatures. 
Verification reveals any tampering, since the comparison of the hash results (one 
made at signing and the other made at verifying) shows whether the message is 
the same as when signed. 

• Affirmative act: Creating a digital signature requires the signer to use the 
signer's private key. This act can perform the "ceremonial" function of alerting 
the signer to the fact that the signer is consummating a transaction with legal 
consequences. <28> 

• Efficiency: The processes of creating and verifying a digital signature provide a 
high level of assurance that the digital signature is genuinely the signer's. As with 
the case of modern electronic data interchange ("EDI") the creation and 
verification processes are capable of complete automation (sometimes referred 
to as "machinable"), with human interaction required on an exception basis only. 
Compared to paper methods such as checking specimen signature cards -- 
methods so tedious and labor-intensive that they are rarely actually used in 
practice -- digital signatures yield a high degree of assurance without adding 
greatly to the resources required for processing. 

The processes used for digital signatures have undergone thorough technological peer 
review for over a decade. Digital signatures have been accepted in several national and 
international standards developed in cooperation with and accepted by many 
corporations, banks, and government agencies. <29> The likelihood of malfunction or a 
security problem in a digital signature cryptosystem designed and implemented as 
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prescribed in ine industry standards is extremely remote, <5d> and is far less than the 
risk of undetected forgery or alteration on paper or of using other less secure electronic 
signature techniques. 



Public Key Certificates 



To verify a digital signature, the verifier must have access to the signer's public key and 
have assurance that it corresponds to the signer's private key. However, a public and 
private key pair has no intrinsic association with any person; it is simply a pair of 
numbers. Some convincing strategy is necessary to reliably associate a particular 
person or entity to the key pair. 

In a transaction involving only two parties, each party can simply communicate (by a 
relatively secure "out-of-band" channel such as a courier or a secure voice telephone) 
the public key of the key pair each party will use. Such an identification strategy is no 
small task, especially when the parties are geographically distant from each other, 
normally conduct communication over a convenient but insecure channel such as the 
Internet, are not natural persons but rather corporations or similar artificial entities, and 
act through agents whose authority must be ascertained. As electronic commerce 
increasingly moves from a bilateral setting to the many-on-many architecture of the 
World Wide Web on the Internet, where significant transactions will occur among 
strangers who have no prior contractual relationship and will never deal with each other 
again, the problem of authentication/nonrepudiation becomes not merely one of 
efficiency, but also of reliability. An open system of communication such as the Internet 
needs a system of identity authentication to handle this scenario. 



To that end, a prospective signer might issue a public statement, such as: "Signatures 
verifiable by the following public key are mine." However, others doing business with 
the signer may for good reason be unwilling to accept the statement, especially where 
there is no prior contract establishing the legal effect of that published statement with 
certainty. A party relying upon such an unsupported published statement in an open 
system would run a great risk of trusting a phantom or an imposter, or of attempting to 
disprove a false denial of a digital signature ("nonrepudiation") if a transaction should 
turn out to prove disadvantageous for the purported signer. 



The solution to these problems is the use of one or more trusted third parties to 
associate an identified signer with a specific public key. <31> That trusted third party is 
referred to as a "certification authority" in most technical standards and in these 
Guidelines. 



To associate a key pair with a prospective signer, a certification authority issues a 
certificate, an electronic record which lists a public key as the "subject" of the certificate, 
and confirms that the prospective signer identified in the certificate holds the 
corresponding private key. The prospective signer is termed the "subscriber. <32> A 
certificate's principal function is to bind a key pair with a particular subscriber. A 
"recipient" of the certificate desiring to rely upon a digital signature created by the 
subscriber named in the certificate (whereupon the recipient becomes a "relying party") 
can use the public key listed in the certificate to verify that the digital signature was 
created with the corresponding corresponding private key. <33> If such verification is 
successful, this chain of reasoning provides assurance that the corresponding private 
key is held by the subscriber named in the certificate, and that the digital signature was 
created by that particular subscriber. 



To assure both message and identity authenticity of the certificate, the certification 
authority digitally signs it. The issuing certification authority's digital signature on the 
certificate can be verified by using the public key of the certification authority listed in 
another certificate by another certificate authority (which may but need not be on a 
higher level in a hierarchy) <34> , and that other certificate can in turn be authenticated 
by the public key listed in yet another certificate, and so on, until the person relying on 
the digital signature is adequately assured of its genuineness. In each case, the issuing 
certification authority must digitally sign its own certificate during the operational period 
of the other certificate used to verify the certification authority's digital signature. 
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A digital signSire, whether created by a subscriber to auircnticate a message or by a 
certification authority to authenticate its certificate (in effect a specialized message) 
should be reliably time-stamped to allow the verifier to determine reliably whether the 
digital signature was created during the "operational period" stated in the certificate, 
which is a condition upon verifiability of a digital signature under these Guidelines. <35> 

To make a public key and its identification with a specific subscriber readily available for 
use in verification, the certificate may be published in a repository or made available by 
other means. Repositories are on-line databases of certificates and other information 
available for retrieval and use in verifying digital signatures. Retrieval can be 
accomplished automatically by having the verification program directly inquire of the 
repository to obtain certificates as needed. 

Once issued, a certificate may prove to be unreliable, such as in situations where the 
subscriber misrepresents his identity to the certification authority. In other situations, a 
certificate may be reliable enough when issued but come to be unreliable sometime 
thereafter. If the subscriber loses control of the private key ("compromise" of the private 
key), the certificate has become unreliable, and the certification authority (either with or 
without the subscriber's request depending on the circumstances) may suspend 
(temporarily invalidate) or revoke (permanently invalidate) the certificate. Immediately 
upon suspending or revoking a certificate, the certification authority must publish notice 
of the revocation or suspension or notify persons who inquire or who are known to have 
received a digital signature verifiable by reference to the unreliable certificate. 

Challenges and Opportunities 

The prospect of fully implementing digital signatures in general commerce presents 
both benefits and costs. The costs consist mainly of: 

• Institutional overhead: The cost of establishing and utilizing certification 
authorities, repositories, and other important services, as well as assuring quality 
in the performance of their functions. 

• Subscriber and Relying Party Costs: A digital signer will require software, and 
will probably have to pay a certification authority some price to issue a certificate. 
Hardware to secure the subscriber's private key may also be advisable. Persons 
relying on digital signatures will incur expenses for verification software and 
perhaps for access to certificates and certificate revocation lists (CRL) in a 
repository. 

On the plus side, the principal advantage to be gained is more reliable authentication of 
messages. Digital signatures, if properly implemented and utilized offer promising 
solutions to the problems of: 

• Imposters, by minimizing the risk of dealing with impostors or persons who 
attempt to escape responsibility by claiming to have been impersonated; 

• Message integrity, by minimizing the risk of undetected message tampering 
and forgery, and of false claims that a message was altered after it was sent; 

• Formal legal requirements, by strengthening the view that legal requirements 
of form, such as writing, signature, and an original document, are satisfied, since 
digital signatures are functionally on a par with, or superior to paper forms; and 

• Open systems, by retaining a high degree of information security, even for 
information sent over open, insecure, but inexpensive and widely used channels. 
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Tutorial 



In today's commercial environment, establishing a framework for the authentication <1> 
of computer-based information requires a familiarity with concepts and professional 
skills from both the legal and computer security fields. Combining these two disciplines 
is not an easy task. Concepts from the information security field often correspond only 
loosely to concepts from the legal field, even in situations where the terminology is 
similar. For example, from the information security point of view, "digital signature" 
means the result of applying to specific information certain specific technical processes 
described below. The historical legal concept of "signature" is broader, it recognizes 
any mark made with the intention of authenticating the marked document. <2> In a 
digital setting, today's broad legal concept of "signature" may well include markings as 
diverse as digitized images of paper signatures, typed notations such as "/s/ John 
Smith," or even addressing notations, such as electronic mail origination headers. 



From an information security viewpoint, these simple "electronic signatures" are distinct 
from the "digital signatures" described in this tutorial and in the technical literature, 
although "digital signature" is sometimes used to mean any form of computer- based 
signature. These Guidelines use "digital signature" only as it is used in information 
security terminology, as meaning the result of applying the technical processes 
described in this tutorial. 

To explain the value of digital signatures in legal applications, this tutorial begins with 
an overview of the legal significance of signatures. It then sets forth the basics of digital 
signature technology, and examines how, with some legal and institutional 
infrastructure, digital signature technology can be applied as a robust computer-based 
alternative to traditional signatures. 



Signatures and the Law 



A signature is not part of the substance of a transaction, but rather of its represen tation 
or form. Signing writings serve the following general purposes: <3> 
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• Evidence: A signature authenticates a writing by identifying the signer with the 
signed document. When the signer makes a mark in a distinctive manner, the 
writing becomes attributable to the signer.<4> 

• Ceremony: The act of signing a document calls to the signer's attention the legal 
significance of the signer's act, and thereby helps prevent "Inconsiderate 
engagements.<5> 

• Approval: In certain contexts defined by law or custom, a signature expresses 
the signer's approval or authorization of the writing, or the signer's intention that 
it have legal effect. <6> 

• Efficiency and logistics: A signature on a written document often imparts a 
sense of clarity and finality to the transaction and may lessen the subsequent 
need to inquire beyond the face of a document.<7> Negotiable Instruments, for 
example, rely upon formal requirements, including a signature, for their ability to 
change hands with ease, rapidity, and minimal interruption. <8> 

The formal requirements for legal transactions, including the need for signatures, vary 
in different legal systems, and also vary with the passage of time. There is also 
variance in the legal consequences of failure to cast the transaction in a required form. 
The statute of frauds of the common law tradition, for example, does not render a 
transaction invalid for lack of a "writing signed by the party to be charged." but rather 
makes it unenforceable in court. <9> a distinction which has caused the practical 
application of the statute to be greatly limited in case law. 

During this century, most legal systems have reduced formal requirements,<10> or at 
least have minimized the consequences of failure to satisfy formal requirements. 
Nevertheless, sound practice still calls for transactions to be formalized in a manner 
which assures the parties of their validity and enforceability .<11> In current practice, 
formalization usually involves documenting the transaction on paper and signing or 
authenticating the paper. Traditional methods, however, are undergoing fundamental 
change. Documents continue to be written on paper, but sometimes merely to satisfy 
the need for a legally recognized form. In many instances, the information exchanged to 
effect a transaction never takes paper form. Computer-based information can also be 
utilized differently than its paper counterpart. For example, computers can "read" digital 
information and transform the information or take programmable actions based on the 
information. Information stored as bits rather than as atoms of ink and paper can travel 
near the speed of light, may be duplicated without limit and with insignificant cost. 

Although the basic nature of transactions has not changed, the law has only begun to 
adapt to advances in technology. The legal and business communities must develop 
rules and practices which use new technology to achieve and surpass the effects 
historically expected from paper forms. 

To achieve the basic purposes of signatures outlined above, a signature must have the 
following attributes: <12> 

• Signer authentication: A signature should indicate who signed a document, 
message or record. <13> and should be difficult for another person to produce 
without authorization. 

• Document authentication: <14> A signature should identify what is signed, 
<15> making it impracticable to falsify or alter either the signed matter or the 
signature without detection. 

Signer authentication and document authentication are tools used to exclude 
impersonators and forgers and are essential ingredients of what is often called a 
"nonrepudiation service" in the terminology of the information security profession. A 
nonrepudiation service provides assurance of the origin or delivery of data in order to 
protect the sender against false denial by the recipient that the data has been received, 
or to protect the recipient against false denial by the sender that the data has been 
sent. <16> Thus, a nonrepudiation service provides evidence to prevent a person from 
unilaterally modifying or terminating legal obligations arising out of a transaction 
effected by computer-based means. <17> 
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